You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Trojan-downloader.win32.conhook.bg

hi i seem to have this trojan that won't go away even though f-secure seems to delete it but when i restart it comes back everytime, here is my hijack this log anyway please please helpLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:26:49, on 05/09/2007Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)Boot mode: Normal

BC AdBot (Login to Remove)

Welcome to the BleepingComputer HijackThis Logs and Analysis forum chinnerMy name is Richie and i'll be helping you to fix your problems.

You have F-Secure Internet Security and Norton AntiVirus installed.Its definitely not a good idea to have more than one antivirus program installed on your computer. Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.It could also lead to system slowdowns and other problems within the operating system,due to the two conflicting with each other.You should uninstall one of them now,then restart your pc.

If you decide to uninstall Norton,if there’s no uninstaller available in Add\Remove Programs then you’’ll need to download and run the Norton Removal Tool:http://service1.symantec.com/SUPPORT/tsgen...005033108162039*Please Note:*The Norton Removal Tool will remove all Norton/Symantec products from your pc.

Your version of Sun Java is out of date.Older versions have vulnerabilities that malware can use to infect your system.Please follow these steps to remove older versions of Sun Java,and then update.1. Download the latest version of Java Runtime Environment (JRE)2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.3. Click the "Download" button to the right.4. Check the box that says: "Accept License Agreement".5. The page will refresh.6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.7. Close any programs you may have running - especially your web browser.8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.10. Click the Change/Remove button.11. Repeat as many times as necessary to remove each Java versions.12. Reboot your computer once all Java components are removed.13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktopClose any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Copy and paste the following text in the Quote box below into Notepad.Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.bat to your desktop.Then double click on the fix.bat file on your desktopYou'll see a black screen flash,thats normal.

@echo offsc stop Symantec Core LCsc delete Symantec Core LC

Restart your pc.

Copy and paste ALL the following text in the Quote box below into Notepad.Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

Click on Start>Run and type Services.msc then hit Ok.Scroll down and find the service called:Symantec Core LCWhen you find it, double-click on it.In the next window that opens, click the 'Stop' button. Then change the 'Startup Type:' to 'Disabled'. Now press Apply and then Ok and close any open windows.

Click Start>Run and type regedit then click OK.Navigate to HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>ServicesScroll down the left pane,locate the service name:Symantec Core LCRight click on it 'Delete'. Then reboot.

Go here:http://virusscan.jotti.org/Using the 'Browse' button,browse to:F:\WINDOWS\system32\cmmcat.dllThen press the 'Submit' button.Wait while the file is scanned.Post the results into your next reply.

If Jotti's too busy,try here:http://www.virustotal.com/en/virustotalf.htmlClick on the 'Analysis' tab.Using the 'Browse' button,browse to:F:\WINDOWS\system32\cmmcat.dllThen click on 'Send File'.Post the results into your next reply.

Double-click ATF-Cleaner.exe to run the program.Click 'Select All' found at the bottom of the list.Click the 'Empty Selected' button.

If you use Firefox browser, do this also:Click Firefox at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE:If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:Click Opera at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE:If you would like to keep your saved passwords,please click 'No' at the prompt.Click 'Exit' on the Main menu to close the program.

Click on Start/All Programs/Accessories/System Tools/System Restore. In the 'System Restore' window,click on the 'Create a Restore Point' button,then click 'Next'. In the window that appears,enter a description\name for the Restore Point,then click on 'Create',wait,then click 'Close'. The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.The 'Select Drive' box will appear,click on Ok.The 'Disk Cleanup for [C:]' box will appear,click on the 'More Options' tab.At the bottom in the 'System Restore' window,click on the 'Clean up...' button.A box will pop up 'Are you sure you want to delete all but the most recent restore point?',click on 'Yes'.Click on 'Yes' at 'Are you sure you want to perform these actions?'.Now wait until 'Disk Cleanup' finishes and the box disappears.